Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/0396ad-dda7-4600-8f66-f56c779b142f/1/3Z7L3_p0yn0EwtvhrBcb6RS6PAs.roa
File:                     3Z7L3_p0yn0EwtvhrBcb6RS6PAs.roa (raw, json)
Hash identifier:          4nmnsCr5dF+3f2AuaahP7K0weju+VIeFWLyhjXlOYao=
Subject key identifier:   DD:9E:CB:DF:FA:74:CA:7D:04:C2:DB:E1:AC:17:1B:E9:14:BA:3C:0B
Certificate issuer:       /CN=a621186413bbdfde20e592fbe5553de7f94e5987
Certificate serial:       019425FC92C6BF26C7A3CD6E6E9621856674
Authority key identifier: A6:21:18:64:13:BB:DF:DE:20:E5:92:FB:E5:55:3D:E7:F9:4E:59:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/piEYZBO7394g5ZL75VU95_lOWYc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/0396ad-dda7-4600-8f66-f56c779b142f/1/3Z7L3_p0yn0EwtvhrBcb6RS6PAs.roa
Signing time:             Thu 02 Jan 2025 07:48:17 +0000
ROA not before:           Thu 02 Jan 2025 07:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        185.131.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/0396ad-dda7-4600-8f66-f56c779b142f/1/piEYZBO7394g5ZL75VU95_lOWYc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/0396ad-dda7-4600-8f66-f56c779b142f/1/piEYZBO7394g5ZL75VU95_lOWYc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/piEYZBO7394g5ZL75VU95_lOWYc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:92:c6:bf:26:c7:a3:cd:6e:6e:96:21:85:66:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a621186413bbdfde20e592fbe5553de7f94e5987
        Validity
            Not Before: Jan  2 07:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd9ecbdffa74ca7d04c2dbe1ac171be914ba3c0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:92:b3:c1:df:11:b8:30:df:95:60:31:67:3b:
                    70:25:d4:69:ba:70:ae:5b:a0:16:8f:02:e1:51:49:
                    d6:1d:dc:bd:7d:2e:3a:a3:90:4b:87:61:8c:92:9b:
                    17:e1:97:c2:e9:3c:f6:29:a8:a7:6b:42:06:c9:6e:
                    98:2e:c5:aa:29:92:f7:67:c8:bc:08:ac:80:c1:a0:
                    db:21:b9:ea:d8:92:fd:f7:0b:a6:df:fc:f0:90:45:
                    8c:3a:15:9a:53:2f:98:53:ce:d7:a2:5d:83:bc:45:
                    fc:30:9d:e8:70:0f:5e:d3:68:7a:7a:b2:58:7a:0f:
                    4c:af:ba:0c:11:60:a0:80:1c:a3:f2:94:92:09:1f:
                    4f:2f:f7:fd:50:78:a1:fc:54:5b:34:6c:97:5b:12:
                    c6:b1:4b:8f:3a:8f:ee:9e:43:ef:b5:71:78:86:a4:
                    86:93:41:bd:bf:e9:66:fb:19:93:d2:e1:b6:0c:47:
                    76:44:0e:e7:7f:69:bb:34:7e:b2:56:e5:1b:40:67:
                    77:6d:9e:c8:38:3e:33:c1:66:e0:ef:72:0a:ff:53:
                    a1:5c:18:fe:1c:18:ba:c5:19:89:ac:17:bb:1b:d9:
                    9e:3d:78:ab:1d:d7:d0:5c:a9:d4:94:c0:d9:16:ff:
                    9b:5d:48:85:e3:bd:08:04:86:3a:e2:12:2a:51:ac:
                    2b:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:9E:CB:DF:FA:74:CA:7D:04:C2:DB:E1:AC:17:1B:E9:14:BA:3C:0B
            X509v3 Authority Key Identifier:
                keyid:A6:21:18:64:13:BB:DF:DE:20:E5:92:FB:E5:55:3D:E7:F9:4E:59:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/piEYZBO7394g5ZL75VU95_lOWYc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/0396ad-dda7-4600-8f66-f56c779b142f/1/3Z7L3_p0yn0EwtvhrBcb6RS6PAs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/0396ad-dda7-4600-8f66-f56c779b142f/1/piEYZBO7394g5ZL75VU95_lOWYc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.131.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:1c:c8:66:fb:3d:d0:e9:70:02:85:86:0b:3c:f7:b6:47:5f:
         20:5e:9a:d0:02:2b:56:7c:e1:e4:58:a7:35:10:ef:70:4e:df:
         8f:0e:2d:45:79:a5:ac:ec:c2:b5:71:05:b4:e7:aa:f5:05:68:
         1e:e4:d7:00:07:22:89:91:66:b1:97:17:8b:23:b9:59:f1:84:
         93:63:85:da:5e:4d:72:d2:f7:6a:c5:43:94:f6:dd:f8:6d:bb:
         23:67:ea:cc:79:6b:18:84:3d:e7:48:a6:fb:1d:8f:99:cf:e1:
         ff:b2:00:62:05:0f:a2:9c:80:d8:38:9f:79:37:1e:7f:e2:40:
         54:c5:4c:a3:37:5a:7c:12:27:fd:f5:0f:ab:9f:bd:9a:26:39:
         af:19:19:70:2a:b6:fe:4c:37:1b:2f:58:16:52:18:f3:7f:bf:
         5e:87:01:86:00:7d:60:18:fe:b5:9d:0a:23:fb:96:3f:12:7c:
         55:f9:8a:2d:97:63:f1:ee:5a:bb:72:46:47:1c:e8:e5:e3:16:
         dd:8c:3f:4a:66:15:66:6c:9b:46:68:0b:8d:15:c0:85:46:78:
         45:20:07:e8:2c:3b:fd:e9:28:45:bc:02:32:47:4a:15:b7:3a:
         7d:ab:0f:1e:d6:06:b1:bc:ef:eb:58:aa:74:a6:6f:b3:94:1d:
         45:04:d5:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/JLGvybHo81ubpYhhWZ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MjExODY0MTNiYmRmZGUyMGU1OTJmYmU1NTUzZGU3Zjk0
ZTU5ODcwHhcNMjUwMTAyMDc0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDllY2JkZmZhNzRjYTdkMDRjMmRiZTFhYzE3MWJlOTE0YmEzYzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpKzwd8RuDDflWAxZztwJdRpunCu
W6AWjwLhUUnWHdy9fS46o5BLh2GMkpsX4ZfC6Tz2Kaina0IGyW6YLsWqKZL3Z8i8
CKyAwaDbIbnq2JL99wum3/zwkEWMOhWaUy+YU87Xol2DvEX8MJ3ocA9e02h6erJY
eg9Mr7oMEWCggByj8pSSCR9PL/f9UHih/FRbNGyXWxLGsUuPOo/unkPvtXF4hqSG
k0G9v+lm+xmT0uG2DEd2RA7nf2m7NH6yVuUbQGd3bZ7IOD4zwWbg73IK/1OhXBj+
HBi6xRmJrBe7G9mePXirHdfQXKnUlMDZFv+bXUiF470IBIY64hIqUawr3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN2ey9/6dMp9BMLb4awXG+kUujwLMB8GA1UdIwQY
MBaAFKYhGGQTu9/eIOWS++VVPef5TlmHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGlFWVpCTzczOTRnNVpMNzVWVTk1X2xPV1ljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8wMzk2YWQtZGRhNy00NjAwLThmNjYt
ZjU2Yzc3OWIxNDJmLzEvM1o3TDNfcDB5bjBFd3R2aHJCY2I2UlM2UEFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8wMzk2YWQtZGRhNy00NjAwLThmNjYtZjU2Yzc3OWIxNDJm
LzEvcGlFWVpCTzczOTRnNVpMNzVWVTk1X2xPV1ljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYPkMA0G
CSqGSIb3DQEBCwUAA4IBAQBRHMhm+z3Q6XAChYYLPPe2R18gXprQAitWfOHkWKc1
EO9wTt+PDi1FeaWs7MK1cQW056r1BWge5NcAByKJkWaxlxeLI7lZ8YSTY4XaXk1y
0vdqxUOU9t34bbsjZ+rMeWsYhD3nSKb7HY+Zz+H/sgBiBQ+inIDYOJ95Nx5/4kBU
xUyjN1p8Eif99Q+rn72aJjmvGRlwKrb+TDcbL1gWUhjzf79ehwGGAH1gGP61nQoj
+5Y/EnxV+Yotl2Px7lq7ckZHHOjl4xbdjD9KZhVmbJtGaAuNFcCFRnhFIAfoLDv9
6ShFvAIyR0oVtzp9qw8e1gaxvO/rWKp0pm+zlB1FBNXu
-----END CERTIFICATE-----